This blog is a personal book on Security/ IDM related thoughts/opinions.
The blog posts are a personal opinion only and neither reflect the views of current/past employers nor any OTHER person living/dead on this planet.

Monday, March 19, 2012

JBoss AS 7:: Social Login (Facebook Connect/ Google Authentication)

Background

There is no denying that social media is growing by leaps and bounds. The concept of social login has prevailed. Facebook and Google have turned out to be the holders of user information that can be used as the secure gateway into your web applications. Facebook / Google users are part of what is called "Consumer Identity".

In this article, we will look at a simple web application, part of the PicketLink Social Project, that can help you visualize the addition of Facebook Connect / Google Authentication to your web applications. We will use the fast, free and awesome JBoss Application Server v7 as the runtime.

What is needed?

You will need to get hold of

JBoss Application Server v7.1 (at the time of writing, v7.1.1.Final was the latest).

Use the self contained picketlink-reg.war.

Steps to follow

Follow the JBoss AS7 user guide to extract the server. It is mainly just unzipping a zip archive.

Now copy the attached picketlink-reg.war to standalone/deployments directory of JBoss AS7.

You need to make some configuration changes to the standalone/configuration/standalone.xml file to add a security domain as well as a bunch of system properties.

What I have done is insert a block of security domain configuration inside the security configuration, before the security domain "other".

Define a bunch of system properties.

</extensions>

<system-properties>
    <property name="CLIENT_ID" value="Insert_your_client_id"/>
    <property name="CLIENT_SECRET" value="Insert_your_client_secret"/>
</system-properties>

<management>
    <security-realms>

We have defined a block for system properties at the end of the block for extensions and the beginning of management. Please have a look at the wiki article on JBoss AS7 System Properties for more information.

Note that I am assuming that your app is deployed on localhost. If the domain is different, then you have to define an additional system property called "RETURN_URL" that gives a value such as "http://thedomain/picketlink-reg/auth" (replace thedomain with whatever value you want).
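
A pre-deployment check for the system properties described above, as an added example that is not part of the original post or of PicketLink: it confirms the block sits between extensions and management, that CLIENT_ID and CLIENT_SECRET no longer hold the placeholder values, and that an optional RETURN_URL has the shape shown in the post. The function name, the sample document and the assumption that the application keeps the picketlink-reg context path are mine.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

PLACEHOLDERS = {"Insert_your_client_id", "Insert_your_client_secret"}

def local(tag):
    """Drop the XML namespace: '{urn:jboss:domain:1.2}server' -> 'server'."""
    return tag.rsplit("}", 1)[-1]

def check_social_login_config(xml_text):
    """Return a list of problems with the social-login system properties."""
    root = ET.fromstring(xml_text)
    names = [local(child.tag) for child in root]
    if "system-properties" not in names:
        return ["no <system-properties> block under the root element"]
    problems = []
    pos = names.index("system-properties")
    # Placement described in the post: after </extensions>, before <management>.
    if "extensions" not in names[:pos]:
        problems.append("<system-properties> is not after <extensions>")
    if "management" not in names[pos + 1:]:
        problems.append("<system-properties> is not before <management>")
    props = {p.get("name"): (p.get("value") or "").strip()
             for p in root[pos] if local(p.tag) == "property"}
    for key in ("CLIENT_ID", "CLIENT_SECRET"):
        if not props.get(key):
            problems.append(key + " is missing or empty")
        elif props[key] in PLACEHOLDERS:
            problems.append(key + " still holds the placeholder value")
    if "RETURN_URL" in props:
        url = urlparse(props["RETURN_URL"])
        if url.scheme not in ("http", "https") or not url.netloc:
            problems.append("RETURN_URL is not an absolute http(s) URL")
        elif url.path.rstrip("/") != "/picketlink-reg/auth":
            problems.append("RETURN_URL path is not /picketlink-reg/auth")
    return problems

# Constructed sample, trimmed to the elements the check reads.
SAMPLE = """<server xmlns="urn:jboss:domain:1.2">
  <extensions/>
  <system-properties>
    <property name="CLIENT_ID" value="Insert_your_client_id"/>
    <property name="CLIENT_SECRET" value="example-secret"/>
    <property name="RETURN_URL" value="http://thedomain/picketlink-reg/login"/>
  </system-properties>
  <management/>
</server>"""

if __name__ == "__main__":
    for problem in check_social_login_config(SAMPLE):
        print("standalone.xml:", problem)
```

To check a real server, pass the contents of standalone/configuration/standalone.xml to check_social_login_config; an empty list means none of these problems were found.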

How to test the web application?

You can go to http://localhost:8080/picketlink-reg/

Now you can log in using either Facebook Connect or Google Authentication.

Note that the attached web application just outputs the name of the authenticated user and the email address. You can get more information if desired by changing the configuration settings.

What changes do we need to make a web application use Facebook Connect or Google Authentication as its Authentication Mechanism?

You will need to configure the ExternalAuthenticator in WEB-INF/jboss-web.xml. Look at how the attached picketlink-reg.war application does it.